https://www.zdnet.com/article/nso-l...ndreds-of-whatsapp-attacks-to-one-ip-address/
Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address
Facebook fights to keep the lawsuit on track after NSO filed a motion to dismiss the case earlier this month.
By Catalin Cimpanu for Zero Day | April 24, 2020 -- 16:12 GMT (09:12 PDT) | Topic: Security
The legal case between Facebook and Israeli spyware vendor NSO Group is starting to yield the details tech and cyber-security experts have been waiting for since Facebook filed its lawsuit in October 2019.
In court documents filed yesterday, Facebook said it linked 720 instances of attacks against WhatsApp users to one single IP address.
The attacks were carried out against WhatsApp users in the spring of 2019. The exploit used in the attack was a zero-day in the WhatsApp VoIP feature.
Facebook sued NSO last year for developing the exploit and making it available to its customers (foreign governments), who then used it to hack WhatsApp users.
This included more than 1,400 users, according to Facebook's count, and included the likes of attorneys, journalists, human rights activists, political dissidents, diplomats, and government officials.
The exploit had the ability to infect a phone with the Pegasus malware, which then pinged NSO command and control servers for instructions on what commands to execute and what data to steal.
Hundreds of attacks linked to one US server
"I have reviewed the malicious code sent during the attack described in the Complaint," said Claudiu Gheorghe, a software engineering manager for WhatsApp in court documents filed by Facebook's legal team last night.
"That malicious code was designed to cause a WhatsApp user's mobile device to connect to a remote server not associated with WhatsApp. The IP address of the remote server was included in the malicious code," Gheorghe said.
"In 720 instances of the attack, the remote server's IP address was 104.223.76.220. In 3 instances of the attack, the remote server's IP address was 54.93.81.200," Gheorghe added.
The first of these IPs, and the one most commonly observed by WhatsApp engineers, belongs to QuadraNet Enterprises LLC, a Los Angeles-based data center provider.
The small detail of what IP address a hacked WhatsApp user has communicated with is now crucial in the case after the NSO Group legal team filed a motion to dismiss the case earlier this month, citing a long list of reasons, including the lack of jurisdiction of a California court to preside over the case.
But Facebook's legal team says this argument is faulty as NSO has been taking financing from a California private equity firm, and has been relying on servers located in the state.
"To execute its scheme and install its spyware on WhatsApp users' devices, NSO separately entered into a contract with a California-based technology company, QuadraNet, that included a California choice-of-law clause," Facebook said, claiming that its lawsuit needs to be allowed to continue.
Facebook: NSO is not immune because it sells to governments
In its 35-page document, Facebook also brought counter-arguments to all the items raised by NSO's motion to dismiss the case earlier this month.
While most of the document is legalese sword-fighting between opposing and expensive legal teams, there is also another interesting item raised by both teams.
Earlier this month, the NSO legal team argued that the company should be immune to prosecution because it was contracted by a foreign government.
In its counter-argument, Facebook claimed that NSO has not produced evidence, such as a contract, that it worked for any foreign government, nor that there is any law that grants immunity to contractors acting on behalf of a government.
Facebook said last year, and reiterated again yesterday, that the hacks caused reputational damage to its WhatsApp product and it now wants to hold NSO responsible and liable for damages.
In a statement last year, NSO told ZDNet that its product had been designed to help law enforcement and intelligence services fight terrorism and serious crime.
An NSO spokesperson did not return a request for comment on Facebook's counter-motion.
https://www.bbc.com/news/technology-48262681
WhatsApp discovers 'targeted' surveillance attack
Dave Lee, North America technology reporter
14 May 2019
Image caption: WhatsApp has 1.5bn users, but it believed the attacks were highly-targeted (image copyright Getty Images)
Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.
WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users and was orchestrated by "an advanced cyber-actor".
A fix was rolled out on Friday.
On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.
The surveillance software involved was developed by Israeli firm NSO Group, according to a report in the Financial Times.
Facebook first discovered the flaw in WhatsApp earlier in May.
WhatsApp promotes itself as a "secure" communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient's device.
However, the surveillance software would have let an attacker read the messages on the target's device.
Some users of the app have questioned why the app store notes associated with the latest update are not explicit about the fix.
"Journalists, lawyers, activists and human rights defenders" are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.